The PostgreSQL Security team is pleased to announce that PostgreSQL is now a CVE Numbering Authority (CNA). A CNA has responsibilities for assigning CVE IDs and participating in responsible disclosure with projects within its scope. You can find out more information about the role of PostgreSQL as a CNA on the [PostgreSQL security](https://www.postgresql.org/support/security/) page:
[https://www.postgresql.org/support/security/](https://www.postgresql.org/support/security/)
The process for reporting a security vulnerability in PostgreSQL has not changed. If you believe you have discovered a security vulnerability in PostgreSQL, please send an email to [security(at)postgresql(dot)org](mailto:security(at)postgresql(dot)org). For more information on what is considered a vulnerability and the reporting process, please review the [PostgreSQL security](https://www.postgresql.org/support/security/) page:
[https://www.postgresql.org/support/security/](https://www.postgresql.org/support/security/)
You can find the original announcement on PostgreSQL being added as a CNA on the CVE page:
[https://www.cve.org/Media/News/item/news/2024/01/16/PostgreSQL-Added-as-CNA](https://www.cve.org/Media/News/item/news/2024/01/16/PostgreSQL-Added-as-CNA)
